Skip to content

[eslint-miner] feat(eslint): add no-core-exportvariable-non-string rule#45075

Draft
github-actions[bot] wants to merge 1 commit into
mainfrom
eslint-miner/no-core-exportvariable-non-string-dc088cb9cbd884e7
Draft

[eslint-miner] feat(eslint): add no-core-exportvariable-non-string rule#45075
github-actions[bot] wants to merge 1 commit into
mainfrom
eslint-miner/no-core-exportvariable-non-string-dc088cb9cbd884e7

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

ESLint Miner — no-core-exportvariable-non-string

Rule summary

New ESLint rule that flags non-string values passed to core.exportVariable(): numeric literals, boolean literals, null, undefined, and .length member accesses.

Rationale

core.exportVariable(name, value) from @actions/core serialises the value into the environment file ($GITHUB_ENV). When value is not a string, implicit coercion silently produces unexpected strings that downstream steps may mis-interpret:

Passed value Written to $GITHUB_ENV
null "null"
true "true"
42 "42"
items.length e.g. "0"

This mirrors the existing no-core-setoutput-non-string rule (same logic, same targeted forms) and closes a preventive gap.

Evidence from codebase scan

  • All 17 current core.exportVariable calls in actions/setup/js already use string values — the rule adds 0 new warnings at baseline.
  • The pattern exists on the core.setOutput side (covered by the sibling rule) and the risk of copy-paste errors introducing non-string values is non-trivial.

Changes

File Change
eslint-factory/src/rules/no-core-exportvariable-non-string.ts New rule implementation
eslint-factory/src/rules/no-core-exportvariable-non-string.test.ts 10 tests (valid + invalid + suggestions)
eslint-factory/src/index.ts Register rule in plugin
eslint-factory/eslint.config.cjs Enable rule as warn for actions/setup/js

Validation

npm run build  ✓
npm run lint:setup-js  ✓  (158 warnings — same as before, 0 new)
vitest run ...test.ts  ✓  10/10 tests passed

Rule quality bar

  • ✅ Specific and actionable
  • ✅ Clear diagnostic message with code-action suggestions
  • ✅ Targets behaviour observed in actions/setup/js (exportVariable pattern)
  • ✅ Not stylistic — prevents silent data corruption in env var exports
  • ✅ Only touches eslint-factory and actions/setup/js (indirectly via lint)

Generated by ESLint Miner · 206.2 AIC · ⌖ 9.96 AIC · ⊞ 4.4K ·

  • expires on Jul 19, 2026, 1:33 AM UTC-08:00

Add a new ESLint rule that flags non-string values passed to
core.exportVariable() — numbers, booleans, null, undefined, or
.length — that silently produce unexpected strings (e.g. 'null',
'true') when the exported env var is read by downstream steps.

This mirrors the existing no-core-setoutput-non-string rule and
closes a preventive gap: all current exportVariable calls in
actions/setup/js already use strings, but the rule guards against
future regressions and matches the codebase convention.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

automation cookie Issue Monster Loves Cookies! eslint

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants